Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

extendSessionOnUse not working as expected #8981

Closed
4 tasks done
magnacartatron opened this issue Mar 4, 2024 · 9 comments · Fixed by #9113
Closed
4 tasks done

extendSessionOnUse not working as expected #8981

magnacartatron opened this issue Mar 4, 2024 · 9 comments · Fixed by #9113
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version type:bug Impaired feature or lacking behavior that is likely assumed

Comments

@magnacartatron
Copy link

magnacartatron commented Mar 4, 2024

New Issue Checklist

Issue Description

Issue with 'extendSessionOnUse'
I don't understand how this feature works.
So this is where the magic happens and the session gets extended.

 const lastUpdated = new Date((_session = session) === null || _session === void 0 ? void 0 : _session.updatedAt);
      const yesterday = new Date();
      yesterday.setDate(yesterday.getDate() - 1);
      if (lastUpdated > yesterday || !session) {
        return;
      }
      const expiresAt = config.generateSessionExpiresAt();
      await new _RestWrite.default(config, master(config), '_Session', {
        objectId: session.objectId
      }, {
        expiresAt: Parse._encode(expiresAt)
      }).execute();

But looking at this piece of code it takes lastUpdated and yesterday and if lastUpdated is greater than yesterday it returns.

So if I've doing 60 minute sessions, well this will never actually extend the session. So for this to work a session needs to be at least 24 hours.

This isn't documented anywhere and it's counterintuitive.

Am I missing something.

Steps to reproduce

Enable extendSessionOnUse.

Set session to 60 minutes.

Perform actions for authenticated user and look at session expiry. it doesn't update.

Now set session to 48 hours.

Perform actions and notice that session expiry does update.

Actual Outcome

I expect Session expiry to update for any session duration.

Expected Outcome

I expect Session expiry to update for any session duration.

Environment

NodeJS 21

Server

  • Parse Server version: `6.4
  • Operating system: Ubuntu 22
  • Local or remote host (AWS, Azure, Google Cloud, Heroku, Digital Ocean, etc): local

Database

  • System (MongoDB or Postgres): `MongoDB
  • Database version: 6.0
  • Local or remote host (MongoDB Atlas, mLab, AWS, Azure, Google Cloud, etc): local

Client

  • SDK (iOS, Android, JavaScript, PHP, Unity, etc): REST
  • SDK version: REST

Logs

N/A

Copy link

parse-github-assistant bot commented Mar 4, 2024

Thanks for opening this issue!

  • 🚀 You can help us to fix this issue faster by opening a pull request with a failing test. See our Contribution Guide for how to make a pull request, or read our New Contributor's Guide if this is your first time contributing.

@mman
Copy link
Contributor

mman commented Mar 4, 2024

Last time I tried to use this I came to the same conclusion (IIRC). I think not updating the session expiration on every use is actually a good design decision, as it would hit the Mongo with session object write with every authenticated read. But it may be wise to perhaps make this configurable or invent some better update magic.

For example, if the session expiration is set to N days, it would be wise to extend the use every day.

If the session expiration is set to N minutes, it may be wise to extend every minute.

if session expires in N hours (but less then a day), it may be wise to update every hour.

so hardcoding 24 hours probably makes sense for longer session expirations in days, and does not work at all for sessions with expirations in hours or minutes.

@mtrezza
Copy link
Member

mtrezza commented Mar 6, 2024

Please feel free to open a PR; likely a simple fix, just remove the yesterday var.

@mtrezza mtrezza added type:feature New feature or improvement of existing feature type:bug Impaired feature or lacking behavior that is likely assumed and removed type:feature New feature or improvement of existing feature labels Mar 6, 2024
@vivekjoshi556
Copy link
Contributor

This is still open to work on right. Can I work on this?

@mman
Copy link
Contributor

mman commented Apr 24, 2024

@vivekjoshi556 Please do work on this, I will beta test for you. I have a good idea above how to fix it without incurring additional writes on Mongo, but I will not have a time to look at it in the near future!

@mtrezza
Copy link
Member

mtrezza commented Apr 25, 2024

@vivekjoshi556 Sure, please go ahead.

@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 7.1.0-alpha.9

@parseplatformorg parseplatformorg added the state:released-alpha Released as alpha version label May 27, 2024
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 7.1.0-beta.1

@parseplatformorg parseplatformorg added the state:released-beta Released as beta version label Jun 30, 2024
@parseplatformorg
Copy link
Contributor

🎉 This change has been released in version 7.1.0

@parseplatformorg parseplatformorg added the state:released Released as stable version label Jun 30, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
state:released Released as stable version state:released-alpha Released as alpha version state:released-beta Released as beta version type:bug Impaired feature or lacking behavior that is likely assumed
Projects
None yet
5 participants